When an employee or contractor leaves the company, it’s best practice to immediately disable their access to company resources.
In the digital and online world, it’s easy to miss some forms of access, and remember off-hand every single system where the employee’s access should be revoked.
The level of risk increases when the employee separation occurs involuntarily, which might create a situation where the former employee is disgruntled, and increases exponentially if the employee has administrative privileges to sensitive systems.
In this article, I will attempt to outline best practices for a policies and processes around identity and access management, enumerate specific forms of access, many of which might be overlooked, and share some anecdotes resulting from the failure to properly revoke a terminated employee’s privileges.